Ledger Wallet™ just got a major upgrade.

Take control today

A whole new level of choice, clarity and control

Trade different via Ledger Wallet 4.0

Download now Learn more

BIP-360 (Pay-to-Merkle-Root / P2MR)

Jun 2, 2026 | Updated Jun 2, 2026
BIP-360 is a proposed Bitcoin output type intended to mitigate the risk of quantuam attacks by preventing the exposure of public keys.

What Is BIP-360?

BIP-360 is a draft proposal for a new Bitcoin output type. Its primary purpose is to protect against a specific quantum computing risk: the long-exposure attack, where a public key sits visible on the blockchain for an extended period, giving a future quantum computer time to derive the private key from it.

Under most current Bitcoin address types, your public key is eventually revealed on-chain when you spend funds. BIP-360 proposes to reduce this exposure by removing the key-path spend option for this output type. Instead of committing to a public key, funds are sent to a Merkle root, a cryptographic commitment to a script tree. The public key is not committed to on-chain in the output, and typical spends do not broadcast the public key on-chain.

Think of it like putting your spending rules in a sealed envelope. The seal is visible on the blockchain, but the rules inside stay hidden until you spend.

How Does BIP-360 Work?

Instead of sending funds to a public key, funds are sent to a commitment to a script tree, represented as a Merkle root. Because there is no key-path spend, the public key is not typically broadcast to the network. The full script is only revealed at the moment of spending, which keeps the key off-chain for as long as the funds remain unspent.

Security and Quantum Readiness

BIP-360 addresses long-exposure quantum attacks, where keys are visible on-chain for extended periods. It does not fully protect against short-exposure attacks, where a key is briefly visible while a transaction waits to be confirmed. Full protection against short-exposure attacks may require post-quantum signatures in the future.

While BIP-360 is a step toward quantum safety, it is not a complete quantum-proof solution. It works best when combined with good practices such as avoiding address reuse and using a hardware signer to verify address and transaction details before signing. Wallets will handle the complex script-tree construction in the background, but confirming the address and transaction details on your device before authorizing remains essential.

Quantum Computing

Quantum computing is an emerging computer science branch using the laws of quantum mechanics to solve problems considered too complex for standard computers.

Full definition

Mempool Space

A mempool space is a software application that queries the Bitcoin blockchain and displays essential information about the current state of the mempool.

Full definition

Diamond Hands

Diamond hands is a slang term for market participants who hold onto their digital assets despite market volatility.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.